From ba3ee9f0078187262edd2f68380f5e8b5454e247 Mon Sep 17 00:00:00 2001
From: Justus Winter
Date: Mon, 14 Mar 2016 16:32:00 +0100
Subject: [PATCH] pki_gcrypt: Burn key material
* src/pki_gcrypt.c (b64decode_rsa_privatekey): Burn key material. (b64decode_dsa_privatekey): Likewise.
Signed-off-by: Justus Winter
Reviewed-by: Andreas Schneider
---
 src/pki_gcrypt.c | 11 +++++++++++
 1 file changed, 11 insertions(+)
diff --git a/src/pki_gcrypt.c b/src/pki_gcrypt.c
index 22806af3..663cb1ff 100644
--- a/src/pki_gcrypt.c
+++ b/src/pki_gcrypt.c
@@ -509,13 +509,19 @@ static int b64decode_rsa_privatekey(const char *pkey, gcry_sexp_t *r,
 }
 error:
+ ssh_string_burn(n);
 ssh_string_free(n);
+ ssh_string_burn(e);
 ssh_string_free(e);
+ ssh_string_burn(d);
 ssh_string_free(d);
+ ssh_string_burn(p);
 ssh_string_free(p);
+ ssh_string_burn(q);
 ssh_string_free(q);
 ssh_string_free(unused1);
 ssh_string_free(unused2);
+ ssh_string_burn(u);
 ssh_string_free(u);
 ssh_string_free(v);
@@ -580,10 +586,15 @@ static int b64decode_dsa_privatekey(const char *pkey, gcry_sexp_t *r, ssh_auth_c
 }
 error:
+ ssh_string_burn(p);
 ssh_string_free(p);
+ ssh_string_burn(q);
 ssh_string_free(q);
+ ssh_string_burn(g);
 ssh_string_free(g);
+ ssh_string_burn(y);
 ssh_string_free(y);
+ ssh_string_burn(x);
 ssh_string_free(x);
 ssh_string_free(v);
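Review bot: In the `error:` cleanup of b64decode_rsa_privatekey, `unused1` and `unused2` are still passed to `ssh_string_free` without being burned first. The parsing code is outside this hunk, but their position between `q` and `u` suggests they hold the PKCS#1 exponent1/exponent2 values (d mod p-1 and d mod q-1), which are private key material on a par with `d`. I would add `ssh_string_burn(unused1);` and `ssh_string_burn(unused2);` ahead of the matching free calls. The b64decode_dsa_privatekey hunk burns all five of its strings, so it has no equivalent gap. The buffer these strings were decoded from is not visible in either hunk and deserves the same check.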